<?php
include '../config.php';
function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}
if(empty($_POST['firstname'])|| 
   empty($_POST['lastname']) || 
   empty($_POST['username']) || 
   empty($_POST['password']) || 
   empty($_POST['confirmpassword']) || 
   empty($_POST['email'])) die(msg("All the fields are required"));
if (clean($_POST['password'] != clean($_POST['confirmpassword'])))
	die(msg("Confirm password was incorrect!"));
if(!(preg_match("/^[\.A-z0-9_\-\+]+[@][A-z0-9_\-]+([.][A-z0-9_\-]+)+[A-z]{1,4}$/", $_POST['email'])))
	die(msg("You haven't provided a valid email"));
$username=clean($_POST['username']);
$firstname=clean($_POST['firstname']);
$lastname=clean($_POST['lastname']);
$password=md5(clean($_POST['password']));
$gender=clean($_POST['gender']);
$email=clean($_POST['email']);
$addr=clean($_POST['address']);
$uQuery = mysql_query("SELECT * FROM user WHERE uName = '$username'")
or die(mysql_error());
$eQuery = mysql_query("SELECT * FROM user WHERE Email = '$email'")
or die(mysql_error());
if (mysql_num_rows($uQuery) > 0) die(msg("Username exist! Choose another please!"));
else if (mysql_num_rows($eQuery)>0) die(msg("Email exist! Registry with another one!"));
else {
	$uId=(int) mysql_num_rows(mysql_query("SELECT * FROM user"))+1;
	$query = mysql_query("INSERT INTO user VALUES ('".$uId."','$username','$password','$firstname','$lastname','$gender','$email','$addr') ") or die(mysql_error());
	session_start();
	$_SESSION['user'] = $username;
	$_SESSION['uId'] = $uId;
	$_SESSION['fName'] = $firstname;
	$_SESSION['lName'] = $lastname;
	$_SESSION['email']=$email;
  	$_SESSION['address']=$addr;
	echo msg('true');
}
function msg($txt)
{
	return ''.$txt.'';
}
?>